BugUnstuck

Trusted extra eyes for stuck bug bounty findings

Takeover · HackerOne · cdn-takeover, domain-expiry, js-injection, session-hijack, supply-chain · Status: OPEN

Expiring CDN domain enables JS injection and session hijacking on crypto exchange

Major cryptocurrency exchange. A CDN domain actively used for loading JavaScript assets across multiple exchange pages is approaching expiration or has lapsed registration. If registered by an attacker, this enables arbitrary JS injection on authenticated exchange pages leading to session cookie exfiltration, wallet address substitution, and full account takeover. The domain is confirmed referenced in production page source. I need help with: (1) verifying whether the CDN domain is currently registrable or in redemption period, (2) documenting which production pages still load scripts from this domain, (3) building a clean PoC demonstrating session hijack via injected JS. This is a high-severity supply chain vector if the domain can be claimed. Currently under triage.

by s3nt1n3l, 3/18/2026 · Confidence: 72/100 · 128 views · 2 interested
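A defender-side check for the vector described in the post above, added here as an example (it is not the poster's code and not part of the original feed): it inventories the external hosts a page loads `<script src>` from and flags any loaded without Subresource Integrity, the control that makes a re-registered CDN host unable to serve a substituted script. All hostnames and the sample HTML are constructed placeholders.

```python
"""Audit a page's <script src> tags: list cross-origin script hosts and flag those
without an integrity attribute (SRI). Constructed example, standard library only."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (host, absolute src, has_sri)

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        src = a.get("src")
        if not src:
            return  # inline script: no third-party host involved
        absolute = urljoin(self.page_url, src)  # resolves "//host/..." and relative paths
        host = urlsplit(absolute).hostname or ""
        self.findings.append((host, absolute, bool(a.get("integrity"))))


def audit_scripts(page_url, html):
    """Return one dict per script tag; 'risk' marks cross-origin scripts lacking SRI."""
    own_host = urlsplit(page_url).hostname
    parser = _ScriptCollector(page_url)
    parser.feed(html)
    return [
        {"host": host, "src": src, "sri": has_sri,
         "risk": host != own_host and not has_sri}
        for host, src, has_sri in parser.findings
    ]


# Constructed sample page; .invalid hostnames are placeholders, not a real exchange.
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="//cdn-assets.example-cdn.invalid/lib/trade.js"></script>
<script src="https://cdn.example-vendor.invalid/widget.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for f in audit_scripts("https://exchange.example.invalid/trade", SAMPLE_HTML):
        flag = "NO-SRI external" if f["risk"] else "ok"
        print(f"{flag:16}{f['host']:36}{f['src']}")
```

Run it against saved copies of your own production pages; every row flagged `NO-SRI external` is a host whose registration and control you must be able to vouch for.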